1996-08-17 - Re: Unix passwd-cracker online?

Header Data

From: ScottMorris <smorri59@icubed.net>
To: cypherpunks@toad.com
Message Hash: 2423d9cffa8492a99696fe3894df71d26862e7e3f567406247e301aae9412d0e
Message ID: <9608171527.AA26704@raptor.icubed.net>
Reply To: N/A
UTC Datetime: 1996-08-17 17:32:26 UTC
Raw Date: Sun, 18 Aug 1996 01:32:26 +0800

Raw message

From: ScottMorris <smorri59@icubed.net>
Date: Sun, 18 Aug 1996 01:32:26 +0800
To: cypherpunks@toad.com
Subject: Re: Unix passwd-cracker online?
Message-ID: <9608171527.AA26704@raptor.icubed.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:27 AM 8/17/96 -0700, you wrote:
>On Fri, 16 Aug 1996, Carlos L. Mariscal may have written:
>
>> person has obtained a specific password by entering the desired 
>> adresses'passord on a submnit form in a Web page.
>[deletia]
>> never have it if there really is such, but this came to my mind when i read 
>> the posts  on the plate-numbers-in-Oregon polemica. I would appreciate 
>
>Somehow I have a hard time believing this to be true.  I run crack, a
>password searching program that uses a dictionary as its base, on my
>/etc/passwd regularly to locate any users with easily guessed entries.
>With ultra fast crypt (UFC), the fastest crypt() replacement I can find, I
>can run through about 9700 passwords per second on this P6-150.
>[snip]

   You of course are assuming they are using a Unix box. I commonly offload
the etc/passwd file to my pc (p-100) and run Crackerjack against the file.
With a single username a 5 meg wordlist will run in about 30 seconds
(mileage will vary).
    The concept is certainly interesting and is another case for good
passwords. Of course you need to get the password file first which is
another story for another group.

>Sorry, I don't think this is feasable, or possible.

     While I believe this is possible feasable is another story.

>(Please do correct my calculations if errors are detected, especially if
>the corrected numbers make this possible.. it's getting late at night, and
>my mind is fogging up, so these calculations/estimates/wild guesses may be
>off more than usual. It does sound like an interesting project to
>undertake, if it were possible, but not on my equipment!)
>
>
>--    ** NOTE NEW KEY **  As of 08/28/95!  Old key 0x2902B621 COMPROMISED!
>William Ono <wmono@direct.ca>                                PGP Key: F3F716BD
> fingerprint = A8 0D B9 0F 40 A7 D6 64  B3 00 04 74 FD A7 12 C9 = fingerprint
>PGP-encrypted mail welcome!           "640k ought to be enough

-----
Scott L. Morris			Systems Security Consultant
smorri59@icubed.net		Data Forensics
Finger smorri59@ally.ios.com for my pgp public key.






Thread